Sunday, May 15, 2016

I am always more interested in spam emails than in my inbox. Today, I stumbled upon an email in my Spam box with the subject Invoice #34069680. It had a spammy-named attachment along with it, saying they had sent some shipment of mine, lol, and this was the invoice for it.

I then de-activated my anti-virus software, downloaded the zip archive and extracted it; it contained a lonely file named invoice_copy_Bqa6Ci.js. It was in fact no invoice document but a JavaScript file with the following contents.

It seemed to be obfuscated, so I dug into it deeper and de-obfuscated it line by line by hand. The result I got is as below:

This clearly shows what it does. It downloads a file from either http://wherareyoufromff.com/25.exe or http://arendroukysdqq.com/25.exe (most probably the second URL is there as a fallback in case the first one fails), saves it as 4194304.exe in your %TEMP% folder, and finally executes it upon successful download. After that, you cannot tell how far the unknown executable saved in your %TEMP% folder will be able to compromise your system.

So beware! If you receive any email similar to or exactly like this one, make sure you don't download anything from it.
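As a defender-side check for attachments like the one described above, here is an added Python example (my own code, not from the original post). It unpacks a zip archive in memory, scores every .js member against the indicators the post names (the two download hosts, the 4194304.exe file name and the invoice_copy_<random>.js naming pattern) plus a few generic Windows Script Host dropper tokens, and returns a verdict per file. The generic tokens, the weights and the thresholds are assumptions of mine, and the sample script text is constructed for the test; it is not the attachment's real contents.

```python
import io
import re
import zipfile

# Indicators taken from the post: the two download hosts, the dropped file name
# and the attachment naming pattern (invoice_copy_<random>.js inside a zip).
KNOWN_HOSTS = ("wherareyoufromff.com", "arendroukysdqq.com")
DROPPED_NAME = "4194304.exe"
ATTACHMENT_NAME_RE = re.compile(r"^invoice_copy_[A-Za-z0-9]+\.js$", re.IGNORECASE)

# Generic Windows Script Host dropper indicators (label, regex, weight). These
# are my assumptions about what such a deobfuscated script exposes; the post
# itself does not reproduce the script text.
CONTENT_INDICATORS = (
    ("activex-object", re.compile(r"ActiveXObject", re.I), 2),
    ("wscript-shell", re.compile(r"WScript\.Shell", re.I), 2),
    ("xmlhttp", re.compile(r"XMLHTTP", re.I), 2),
    ("adodb-stream", re.compile(r"ADODB\.Stream", re.I), 2),
    ("temp-folder", re.compile(r"%TEMP%", re.I), 1),
    ("exe-url", re.compile(r"https?://[^\s\"']+\.exe", re.I), 3),
)

# Assumed thresholds for the verdict.
MALICIOUS_THRESHOLD = 8
SUSPICIOUS_THRESHOLD = 4


def score_attachment(filename, content):
    """Return the matched indicators, total score and verdict for one file."""
    hits = []
    if ATTACHMENT_NAME_RE.match(filename):
        hits.append(("attachment-name", 3))
    for host in KNOWN_HOSTS:
        if host in content:
            hits.append(("known-host:" + host, 5))
    if DROPPED_NAME in content:
        hits.append(("dropped-name", 2))
    for label, pattern, weight in CONTENT_INDICATORS:
        if pattern.search(content):
            hits.append((label, weight))
    score = sum(weight for _, weight in hits)
    if score >= MALICIOUS_THRESHOLD:
        verdict = "malicious"
    elif score >= SUSPICIOUS_THRESHOLD:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"name": filename, "score": score, "hits": hits, "verdict": verdict}


def scan_zip(zip_bytes):
    """Score every .js member of an in-memory zip archive."""
    results = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".js"):
                continue
            content = zf.read(info).decode("utf-8", errors="replace")
            results.append(score_attachment(info.filename, content))
    return results


# Constructed test fragment: only the strings a deobfuscated copy would expose
# (the post's two URLs and the drop path), not a working script.
SAMPLE_SCRIPT = (
    'var urls = ["http://wherareyoufromff.com/25.exe", "http://arendroukysdqq.com/25.exe"];\n'
    'var target = "%TEMP%\\\\4194304.exe";\n'
)


def build_sample_zip():
    """Build an in-memory zip mirroring the attachment layout from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice_copy_Bqa6Ci.js", SAMPLE_SCRIPT)
    return buf.getvalue()


if __name__ == "__main__":
    for result in scan_zip(build_sample_zip()):
        print(result["name"], result["verdict"], result["score"], result["hits"])
```

The scoring is deliberately additive: a single generic token (say, a legitimate script touching %TEMP%) stays "clean", while the post's known hosts or file name push a file straight to "malicious". In a mail gateway you would run scan_zip over every zip attachment and quarantine anything scoring "suspicious" or above.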

I've been recursing through multi-level folders on my eHDD this morning, cleaning up stuff I no longer need and moving things here and there. Fortunately, I just found something I thought I could show off here :D. I used to convert cars from various games to Grand Theft Auto Vice City and Need For Speed Hot Pursuit 2 in my childhood. I only had these 2 games running at playable FPS with the lowest graphics settings on my 128 MB RAM desktop, 32 MB of which was shared with the onboard GPU. Lol! When I built my new gaming desktop in 2013, I again wanted to make one more car for Grand Theft Auto. Just for the love of the game.